♦ Introduces concept of Network Centric Warfare

♦ Network Power is Combat Power

♦ Network Defense is Combat Power Protection

♦ Our information systems strength can become a critical vulnerability

Threats are real
Explosion in access
More to protect


Condition existing when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed.

Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of origin, so neither can later deny having processed the data.


AVAILABILITY

Timely, reliable access to data and information services for authorized users.

Assurance that information is not disclosed to unauthorized persons, processes, or devices.

Security measure designed to establish the validity of a transmission, message, user, or system or a means of verifying an individual’s authorization to receive specific categories of information.

Information Assurance Policy

Defense-in-Depth Layers

Technology

• Security Criteria
• IT/IA Acquisition
• Risk Assessments
• C&A

People

• Training
• Certification
• Awareness
• System Security
• Administration
• Physical Security
• Personnel Security

Operations

• Assessments
• Monitoring and Analysis
• Warning
• Response
• Reconstitution

♦ Dynamic environment

♦ Multiple points of security failures

♦ Vulnerabilities occur unexpectedly

♦ Only as strong as the weakest link

Problem goes beyond the IA professionals

Must be enterprise-wide strategy

Require risk management business practice

Ensure SCI Infrastructure is reliable and secure

Priority commitment
Protect all networks; all classification
Focus on the human element

Implement Defense-in-Depth




Protect the network
Protect the enclave
Protect the computing environment
Public key infrastructure
Detect and respond

Strategic Partnership

site infrastructure (DoDIIS and non-DoDIIS)

Enterprise Infrastructure Protection

♦ Security Services

Protect the Network

Confidentiality
Availability
Integrity

Switches/Router Management and Security

JWICS

Network Management Visibility

Encryption (Type 1) Router-to-Router

site infrastructure (SCI) (DoDIIS and non-DoDIIS)

Non-SCI

Protect the Enclave

JWICS

Intrusion Detection
INFOCON Alert

Enterprise-wide assessment of controlled interface

Re-validate req for controlled interface

Reduce numbers

Concentrate on approved list

Enterprise Infrastructure Protection

Approved Controlled Interface (Guard)

Protecting the Computing Environment

✓ Access Management
✓ Audits
✓ Intrusion detection
✓ Virus protection
✓ Configuration Management
✓ Operation System Security
✓ PKI applications
✓ Vulnerability assessments

User Workstation

Information System Security Management critical to success

Chief Information Officer role

Protection against the insider

Manage and license system administrators

servers

Web application
Mission application

♦ Enterprise-wide management

♦ Operations emphasis

♦ Single approach DoD and IC

♦ Design and architecture being evaluated

♦ DMB action item

Intelligence Community Certificate Authority

site infrastructure (DoDIIS and non-DoDIIS)

♦ Monitor
♦ Analyze
♦ Respond
♦ Report

JWICS

Intrusion Detection System

Internal Intrusion Detection System Report (CND)

Monitoring

Computer Network Defense (CND)

Enterprise-wide management

Development of DoDIIS IA Strategy

Coordinate with DMB

Modeling an IA business process & risk management practice

Automated tool

Enterprise wide IA management is essential

Apply disciplined business process
Risk management practice required

New growth area with demanding environment

Questions and Comments

Protect the Enclave

site infrastructure (SCI) (DoDIIS and non-DoDIIS)

Firewalls

Intrusion Detection
INFOCON Alert

Router

Enterprise-wide assessment of controlled interface

Re-validate req for controlled interface

Reduce numbers
Concentrate on approved list

Approved Controlled Interface (Guard)

JWICS


Big IA Brother is Watching You!

The primary function of IA is to advise the decisionmaker of risks by assessing and recommending methods to reduce those risks to the information infrastructure

Institutionalize Business and Risk Management Processes